Configure Firewall

1. Go to Administration. Double-click on your virtual data center (Cloud Resources - Virtual Datacenters). Select the Edge Gateways tab and right-click on the required vShield Edge. In the pop-up menu, select Edge Gateway Services.

2. In the Configure Services pop-up window, go to the Firewall tab. By default, Deny is selected under Default action, so the Firewall will block all traffic. To avoid this you need to configure the rules.

3. To add a new rule, click on Add. In the new window specify the rule parameters:

  • In the Name field, specify the name of the rule, such as internet.
  • In the Source field, enter the required source addresses: a single IP address, a range of IP addresses, a CIDR block, or one of the key variables:
      • Internal - all internal networks
      • External - all external networks
      • Any - any network
    For example, you can type Internal.
  • In the Source Port field, select the source port. You can specify a single port, a range of ports, or all ports by using the key variable Any.
  • In the Destination field, specify the destination address in the same format as for the Source field, for example, External.
  • In the Destination Port field, select the destination port. You can also enter the port manually, or leave Any.
  • In the Protocol field, select the required protocol or all protocols (the Any option).
  • In the Action field, select the required value. Click on OK.

Important: If the Default action of the Firewall is set to Allow, the rules specify the sessions that the Firewall will block; to do this, select Deny in the rule window. If the Default action is Deny, the rules specify the sessions that the Firewall will let through.
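The interaction between the Default action and the per-rule Action can be checked offline with a small model of the rule fields from step 3. This Python sketch is an added example, not part of the original page or of the product; the Internal network range, the external address, the dictionary layout of a rule, and first-match rule ordering are assumptions made for illustration.

```python
import ipaddress

# Assumptions for illustration (not from the page): the Internal network range,
# the external address, and that the first matching rule decides.
INTERNAL_NETS = [ipaddress.ip_network("192.168.10.0/24")]  # constructed
EXTERNAL_IP = "203.0.113.10"                               # constructed

def addr_matches(spec, ip):
    """Source/Destination forms: Any, Internal, External, single IP, range, CIDR."""
    addr = ipaddress.ip_address(ip)
    internal = any(addr in net for net in INTERNAL_NETS)
    key = spec.lower()
    if key == "any":
        return True
    if key in ("internal", "external"):
        return internal == (key == "internal")
    if "-" in spec:  # range such as 10.0.0.1-10.0.0.9
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        return lo <= addr <= hi
    return addr in ipaddress.ip_network(spec, strict=False)

def port_matches(spec, port):
    """Port forms: a single port, a range such as 1000-2000, or Any."""
    if str(spec).lower() == "any":
        return True
    lo, _, hi = str(spec).partition("-")
    return int(lo) <= port <= int(hi or lo)

def decide(rules, default_action, pkt):
    """Return the Action of the first matching rule, else the Default action."""
    for r in rules:
        if (addr_matches(r["src"], pkt["src"]) and port_matches(r["sport"], pkt["sport"])
                and addr_matches(r["dst"], pkt["dst"]) and port_matches(r["dport"], pkt["dport"])
                and r["proto"].lower() in ("any", pkt["proto"].lower())):
            return r["action"]
    return default_action

def packet(src, dst, dport, proto="TCP", sport=40000):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "proto": proto}

RULES = [  # modelled on the page's two example rules; addresses are constructed
    {"name": "test 2", "src": "Internal", "sport": "Any", "dst": "External",
     "dport": "Any", "proto": "Any", "action": "Allow"},
    {"name": "Test", "src": "External", "sport": "Any", "dst": EXTERNAL_IP,
     "dport": "3389", "proto": "TCP", "action": "Allow"},
]

if __name__ == "__main__":
    print(decide(RULES, "Deny", packet("198.51.100.7", EXTERNAL_IP, 3389)))
    print(decide(RULES, "Deny", packet("198.51.100.7", EXTERNAL_IP, 22)))
```

With Default action Deny, only sessions matching an Allow rule pass; swapping the default to Allow and the rule actions to Deny inverts the logic, as the note above describes.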

Examples of rules:

Rule 1 for Firewall (test 2) allows access to the internet via any protocol.

Rule 2 for the Firewall (Test) allows access from the internet (TCP protocol, port 3389) through your external address. In this case